Certified Information Security Manager (CISM) Cert Prep (2022): 1 Information Security Governance
1h 49m | Advanced | 2022-07-20
Authors

Mike Chapple
Teaching Professor at the University of Notre Dame
Course details
Prepare for the first domain of the Certified Information Security Manager (CISM) exam: Information Security Governance. CISM certification validates your expertise in information security. A key part of that is governance, which ensures your team's work is aligned with business objectives and external requirements. This course covers all the material in the domain, including implementing an information security strategy, developing a governance framework, and integrating that framework into corporate governance practices. Instructor Mike Chapple also covers developing policies, business cases, and other key components of a security governance program.
Skills covered
Governance, Risk, and Compliance; Cybersecurity; Cert Prep
Concepts
0. Introduction
- 01 - Welcome
- 02 - What you need to know
- 03 - Study resources
1. Information Security Strategy
- 04 - The goals of information security
- 05 - Designing an information security strategy
- 06 - Aligning security with the business
- 07 - Strategic Influences
- 08 - Organizational processes
- 09 - Security roles and responsibilities
2. Industry Standards
- 10 - Control frameworks
- 11 - Developing security baselines
- 12 - Leveraging industry standards
- 13 - Customizing security standards
3. Security Budgeting
- 14 - Developing a security budget
- 15 - Capital vs. operational expenses
- 16 - Budget monitoring and reporting
4. Security Governance
- 17 - Information security governance
- 18 - Security governance frameworks
5. Security Policies
- 19 - Security policy framework
- 20 - Security policies
6. Data Security
- 21 - Understanding data security
- 22 - Data security policies
- 23 - Data security roles
- 24 - Data privacy
- 25 - Limiting data collection
- 26 - Privileged access management
7. Navigating the Organization
- 27 - Organizational structure
- 28 - Obtaining leadership support
8. Assessing Security Programs
- 29 - Collecting security process data
- 30 - Management review and approval
- 31 - Security metrics
- 32 - Audits and assessments
- 33 - Control management
9. Security Principles
- 34 - Need to know and least privilege
- 35 - Separation of duties and responsibilities
Conclusion
- 36 - Continuing your studies